SG-5100 - Hardware watchdog? (watchdogd)

Been monkeying around with my SG-5100 trying to get it all figured out. Finally received the extra parts I was waiting for (16G RAM + Intel SSD) and got those installed.

Question: in the BIOS, I see there's a real HW Watchdog, but it's disabled:
I tried enabling it, but it didn't show up in the pfSense GUI. I guess there's no driver for it(?) because the box reboots itself in a loop when the HW dog is enabled. So I had to shut that back off pretty quickly

Is this going to change in the future? I liked the idea that the watchdog was supported on the ADI units. Going to miss that if it's not going to be a thing anymore...

We were experimenting with this a bit internally yet. It might be feasible to bring in the wbwd driver since it appears to be supported in FreeBSD, just not built in our release yet. Needs more testing though.

If you don't want to wait for us, you could copy /boot/kernel/wbwd.ko from a FreeBSD 11.2 install to /boot/kernel/ on that firewall and then add wbwd_load="YES" to /boot/loader.conf.local and see if it works for you.

Update: some good news! I copied the wbwd.ko driver from my FreeBSD 11.2-p3 system onto my 5100. Added the wbwd_load="YES" to /boot/loader.conf.local as you described, and rebooted. The driver loaded (confirmed with kldstat -v -n /boot/kernel/wbwd.ko) and I saw some messages in the dmesg scroll to indicate it was detecting the hardware:

I set the watchdog timer in the BIOS to 3 minutes. Once the firewall booted up, I noticed it rebooted itself within a minute. I noticed watchdogd wasn't automatically starting. I poked through /etc/inc/system.inc and found the relevant sections where the platform is compared to known-compatible models (RCC-VE, ROGUE-1 etc).

I modified a couple of these functions- adding in case switches for SG-5100 and then removed the /boot/loader.conf.local since I noticed the driver gets manually started anyway by watchdogd_configure(). After doing that, the GUI option appeared, and I enabled it. Another reboot, and this time the firewall stayed up on its own! I checked again and found that wbwd.ko was indeed loaded automatically, and watchdogd was running.

To test it, I issued a pkill -9 watchdogd and waited about 2 min. Sure enough, the firewall rebooted. I think there might be a better way to test using the watchdogd command itself—I was reading watchdogd(8) - EXAMPLES but I couldn't figure it out.

I tried to make a Pull Request for these changes, but it looks like the code on GitHub doesn't include those functions. I guess they're private and only part of the factory image? Hopefully you guys can add that in soon

But overall, looking pretty good. Anything else I missed?

P.S.— In case anyone wants to have a go but doesn't have easy access to a FreeBSD system, here's a copy of wbwd.ko you can use:wbwd.ko.zip